Microsoft announced on Tuesday that a serious remote code execution flaw in Internet Explorer could allow remote attackers to gain access to Windows systems. Unfortunately, no versions of Windows are spared from this critical flaw, and users are highly recommended to patch their systems immediately to avoid being exploited.
Anatomy of the Exploit
Similar to the Adobe Flash vulnerability also announced this week, the Windows vulnerability detailed in Microsoft Bulletin MS15-106 is exploited through remote code execution triggered by specially crafted web content. Users browsing the web with Internet Explorer fall prey to the exploit by clicking on maliciously crafted links and websites that capitalize on the flawed browser's JScript/VBscript engine. Once compromised, systems can be controlled by remote attackers assuming the same rights as the logged-in user.
Windows Vista, 7, 8, 8.1, and 10 are all vulnerable to this exploit, and impacted users should apply the patch provided by Microsoft immediately to fix this critical flaw. As the vulnerability primarily involves memory corruption in Internet Explorer, JScript and VBScript, the fix updates how the scripting engine handles objects in memory. Additionally, the patch bolsters Internet Explorer with additional permission validations. Other updates announced on Tuesday include fixes to Microsoft Office and the Windows Edge browser.
The daunting task of identifying vulnerable systems in your Windows environment is rendered trivial with UpGuard's platform for vulnerability assessment and monitoring. Our platform can automatically discover critical security gaps in your infrastructure before remote attackers do—give it a spin today, on us.
So how do events like 000webhost's massive data breach involving free web hosting providing 000webhost transpire? In a word, negligence. Gross negligence, to be precise.
Read Blog >
Access to free vulnerability assessment should be a basic right in a world where computing is integral to social and economic life. For our part, we're offering our full product, including vulnerability assessment, free forever for a user's first ten machines.
Read Blog >